Example Cookie-Stuffing Overwriting Existing Cookies: Freshpair
The Effect of 180solutions on Affiliate Commissions and Merchants - Ben Edelman

As discussed in Affiliate Code Replacement via Popup "Double" Windows within The Effect of 180solutions on Affiliate Commissions and Merchants, 180 has implemented a system that can set affiliate tracking codes by a showing user a duplicate copy of a merchant's site. These popups set affiliate codes that, in the ordinary course of events, cause 180 to be paid commissions otherwise payable to other affiliates, and cause 180 to be paid commissions even if no commissions would otherwise be paid. For a listing of affected merchants (as of tests of June 2004), see merchants targeted with double windows. See also merchants I previously found to be targeted with silent cookie-stuffing.

This page shows specific network transmissions that implement 180's double-popup cookie-stuffing, targeting a request for freshpair.com made just after midnight (Eastern) on July 27, 2004. See also a video (WMV format, view in full-screen mode, warning: >900KB) confirming what took place, including showing my Cookies folder before and after receiving the 180solutions popup. The thumbnail at right shows the final on-screen display -- the tgw.com site, covered in part by the double popup that reached tgw.com through an affiliate link.

In this example, I sought to document how 180 (and its advertisers) can overwrite cookies set by other affiliates. My testing proceeded in the following way:

Index of Annotated Packet Logs (details)

Other Targeted Merchants: Double and Silent Popups

  1. I cleared my cookies, such that any cookies set on my PC were set in the course of the testing shown in my video.
  2. I browsed to galacticgalaxy.com, an ordinary affiliate site that links to freshpair.com via an affiliate link. I clicked through that affiliate link, yielding the communications shown in HTTP Transaction 1 (with original affiliate link shown in red highlighting) (including setting cookies, as shown in blue highlighting, noting a "64qw5" cookie).
  3. My browser rendered the freshpair.com site. (Network logs omitted for brevity.) Immediately, without any clicks on my part, Zango (installed on my PC) performed the communication shown in HTTP Transaction 2. In particular, Zango asked 180solutions' web servers for an ad to be shown -- sending the freshpair.com trigger (as shown in yellow highlighting), and receiving an affiliate link to qksrv.net in response (purple highlighting).
  4. In HTTP Transaction 3, Zango loaded the specified affiliate link in a new window. That link in turn set Commission Junction cookies (blue highlighting, noting a "2bcfb") cookie).
  5. Observing my cookies (cookie listing), I see that at the end of the events described above, my qksrv.net and commission-junction.com cookies included references to the "2bcfb" and other values set by the 180 affiliate link in Transaction 3 (blue highlighting). However, I see no surviving reference to the "64qw5" cookie set during the click from the original galacticgalaxy.com page.

Consistent with the rest of my site, the network logs below omit my DUID (my unique 180solutions user ID number). In place of the actual affiliate ID number used by the 180 pop-up, the logs use the phrase "[180solutions affiliate ID]".

In my testing of July 27, 2004, freshpair.com is but one of many merchants that remain targeted by 180solutions double popups. Some targeted merchants (like freshpair.com) use Commission Junction; others use LinkShare; others use other networks, or run in-house affiliate programs. Some double popups (like this one) entail 180solutions sending users directly to affiliate links via no other intermediaries; others first route users through one or more additional redirect servers.

 

Return to top
HTTP Transaction 1: Clicking Through GalacticGalaxy CJ Link to Freshpair
initial affiliate link
GET /click-1419550-10299173?SID=freshpair_26_21_25 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Referer: http://www.galacticgalaxy.com/stores/freshpair.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Cookie: S=arxjpg5-509310467-1090902296816-vp
Connection: Keep-Alive
Host: www.qksrv.net

HTTP/1.1 302 Found
Server: Resin/2.1.13
P3P: policyref="http://www.qksrv.net/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Cache-control: no-cache
Pragma: max-age=0
Location: http://www.commission-junction.com/track/track.dll?AID=10299173&PID=1419550&UID1811=arxjpg5-509310467-1090902296816-vp&CBID=t8u6i0vq&SID=freshpair_26_21_25
setting initial affiliate cookies
Set-Cookie: QKINFO=fr58-64qw5-ufby-freshpair_26_21_25-120-t8u6i0vq-; domain=.qksrv.net; path=/; expires=Sun, 26-Jul-2009 04:25:13 GMT
Set-Cookie: LCLK=cjo!fr58-t8u6i0vq; domain=.qksrv.net; path=/; expires=Sun, 26-Jul-2009 04:25:13 GMT
Content-Type: text/html
Content-Length: 461
Connection: close
Date: Tue, 27 Jul 2004 04:25:13 GMT

<html>
<head><meta http-equiv="redirect" content="http://www.commission-junction.com/track/track.dll?AID=10299173&amp;PID=1419550&amp;UID1811=arxjpg5-509310467-1090902296816-vp&amp;CBID=t8u6i0vq&amp;SID=freshpair_26_21_25"></head>
<body>The URL has moved <a href="http://www.commission-junction.com/track/track.dll?AID=10299173&amp;PID=1419550&amp;UID1811=arxjpg5-509310467-1090902296816-vp&amp;CBID=t8u6i0vq&amp;SID=freshpair_26_21_25">here</a></body></html>


GET /track/track.dll?AID=10299173&PID=1419550&UID1811=arxjpg5-509310467-1090902296816-vp&CBID=t8u6i0vq&SID=freshpair_26_21_25 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Referer: http://www.galacticgalaxy.com/stores/freshpair.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Connection: Keep-Alive
Host: www.commission-junction.com

HTTP/1.1 302 Found
Server: Resin/2.1.13
P3P: policyref="http://www.qksrv.net/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Cache-control: no-cache
Pragma: max-age=0
Location: http://www.freshpair.com/
Set-Cookie: S=arxjpg5-509310467-1090902296816-vp; domain=.commission-junction.com; path=/; expires=Sun, 26-Jul-2009 04:25:13 GMT
Set-Cookie: QKINFO=fr58-64qw5-ufby-freshpair_26_21_25-120-t8u6i0vq-; domain=.commission-junction.com; path=/; expires=Sun, 26-Jul-2009 04:25:13 GMT
Set-Cookie: LCLK=cjo!fr58-t8u6i0vq; domain=.commission-junction.com; path=/; expires=Sun, 26-Jul-2009 04:25:13 GMT
Content-Type: text/html
Content-Length: 169
Connection: close
Date: Tue, 27 Jul 2004 04:25:13 GMT

<html>
<head><meta http-equiv="redirect" content="http://www.freshpair.com/"></head>
<body>The URL has moved <a href="http://www.freshpair.com/">here</a></body></html>


Return to top
HTTP Transaction 2: Zango Request to 180solutions
keyword trigger
GET /showme.aspx?keyword=.freshpair.com+freshpair.com&did=762&ver=5.11&duid=531byhiprtvdgvadrfmfcgtxxyrjmg &partner_id=183723514&product_id=762&browser_ok=y&rnd=14&basename=zango
user id
&tzbias=5&MT=14A7F81A56809D668C16CC01198CB4B1F76369B7 &DMT=14A7F81A56809D668C16CC01198CB4B1F76369B7&GMA=1&GVI=1&GPI=1 &HMP=740D1DF749425B5CAC3C7869123259B78C7F4831&ACC=1&bid=0 &SID=DGDWNSLC&OS=5.1.2600.2&SLID=1033&ULID=1033&TLOC=1033 &ACP=1252&OCP=437&DB=iexplore.exe&IEV=6.0.2800.1 &TPM=200785920&APM=84611072&TVM=2147352576&AVM=1985703936 &FDS=1752760320&LAD=1601:1:1:0:0:0&WE=5 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Host: tv.180solutions.com
Connection: Keep-Alive
Cookie: register=lrd=7/21/2004 8:56:25 AM; partner=lcd=7/21/2004 8:56:25 AM&pi=183723514&pt=128rhaerupaflaassrkpydcgbqrgdi&ci=762&cn=4&cy=us&rg=2505&ct=38972&dma=506&pc=02239&ac=617&bd=12:00:00 AM&sx=&cd=6/6/2004 2:17:04 PM&md=7/13/2004 9:41:20 PM&dlu=12:00:00 AM&glu=7/21/2004 8:56:25 AM&csi=0&li=0&ei=0&chi=0&hii=0&ck=9468ab7c-fb6b-445a-a66b-2e020ea7cf25&upbl=False&cv=5.11; guid=9468ab7c-fb6b-445a-a66b-2e020ea7cf25; caps=as=0&lad=7/13/2004 7:43:48 PM&askw=0&ladkw=7/26/2004 9:20:30 PM; speedcheck=ls=7/21/2004 8:54:25 AM

HTTP/1.1 200 OK
Date: Tue, 27 Jul 2004 04:25:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="NON DSP COR ADMi DEVi TAIi PSAi PSDi OUR IND UNI NAV"
X-AspNet-Version: 1.1.4322
Set-Cookie: caps=as=0&lad=7/13/2004 7:43:48 PM&askw=1&ladkw=7/26/2004 9:20:30 PM; domain=.180solutions.com; expires=Wed, 27-Jul-2005 04:25:51 GMT; path=/
Set-Cookie: speedcheck=ls=7/21/2004 8:54:25 AM; domain=.180solutions.com; expires=Wed, 27-Jul-2005 04:25:51 GMT; path=/
Cache-Control: private, no-store
Content-Type: text/html; charset=utf-8
Content-Length: 1737

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
</HEAD>
<body>
ad to be shown
ad_url: <input id=ad_url name=ad_url value=http://www.qksrv.net/click-[180solutions affiliate ID]-3888551><br>
ad_takefocus: <input id=ad_takefocus name=ad_takefocus value=y><br>
ad_activationdelay: <input id=ad_activationdelay name=ad_activationdelay value=0><br>
ad_resizable: <input id=ad_resizable name=ad_resizable value=y><br>
ad_scrollbars: <input id=ad_scrollbars name=ad_scrollbars value=y><br>
ad_menubar: <input id=ad_menubar name=ad_menubar value=y><br>
ad_statusbar: <input id=ad_statusbar name=ad_statusbar value=y><br>
ad_toolbar: <input id=ad_toolbar name=ad_toolbar value=y><br>
ad_addressbar: <input id=ad_addressbar name=ad_addressbar value=y><br>
ad_fullscreen: <input id=ad_fullscreen name=ad_fullscreen value=n><br>
ad_statustext: <input id=ad_statustext name=ad_statustext value=><br>
ad_theatermode: <input id=ad_theatermode name=ad_theatermode value=n><br>
ad_id: <input id=ad_id name=ad_id value=263471><BR>
keyword_id: <input id=keyword_id name=keyword_id value=791638><BR>
ad_windowtitle: <input id=ad_windowtitle name=ad_windowtitle value="Brought to you by the Zango Search Assistant"><br>
<INPUT ID=kw_exclude TYPE=text style="VISIBILITY: hidden;" VALUE=".ancestry.com+security+weightwatchers.com+check+filter"><br>
<INPUT ID=ad_shown TYPE=text VALUE="y" style="VISIBILITY: hidden;"><br>

<SPAN class="957085619-06032003"><FONT face="Arial" color="#ff0000" size="5">Thank you
for your patience.&nbsp; You will be redirected to your destination site in a
few seconds.</FONT></SPAN>
</body>
</HTML>


Return to top
HTTP Transaction 3: Zango Loads Affiliate Link
opening affiliate window
GET /click-[180solutions affiliate ID]-3888551 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Host: www.qksrv.net
Connection: Keep-Alive
Cookie: S=arxjpg5-509310467-1090902296816-vp; QKINFO=fr58-64qw5-ufby-freshpair_26_21_25-120-t8u6i0vq-; LCLK=cjo!fr58-t8u6i0vq

HTTP/1.1 302 Found
Server: Resin/2.1.13
P3P: policyref="http://www.qksrv.net/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Cache-control: no-cache
Pragma: max-age=0
Location: http://www.commission-junction.com/track/track.dll?AID=3888551&PID=[180solutions affiliate ID]&UID1811=arxjpg5-509310467-1090902296816-vp&CBID=hb5i1xq
setting new affiliate cookies
Set-Cookie: QKINFO=fr58-2bcfb-m7rv-NA-120-hb5i1xq-; domain=.qksrv.net; path=/; expires=Sun, 26-Jul-2009 04:25:18 GMT
Set-Cookie: LCLK=cjo!fr58-hb5i1xq; domain=.qksrv.net; path=/; expires=Sun, 26-Jul-2009 04:25:18 GMT
 Content-Type: text/html
Content-Length: 403
Connection: close
Date: Tue, 27 Jul 2004 04:25:18 GMT

<html>
<head><meta http-equiv="redirect" content="http://www.commission-junction.com/track/track.dll?AID=3888551&amp;PID=[180solutions affiliate ID]&amp;UID1811=arxjpg5-509310467-1090902296816-vp&amp;CBID=hb5i1xq"></head>
<body>The URL has moved <a href="http://www.commission-junction.com/track/track.dll?AID=3888551&amp;PID=[180solutions affiliate ID]&amp;UID1811=arxjpg5-509310467-1090902296816-vp&amp;CBID=hb5i1xq">here</a></body></html>



GET /track/track.dll?AID=3888551&PID=[180solutions affiliate ID]&UID1811=arxjpg5-509310467-1090902296816-vp&CBID=hb5i1xq HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Cookie: S=arxjpg5-509310467-1090902296816-vp; QKINFO=fr58-64qw5-ufby-freshpair_26_21_25-120-t8u6i0vq-; LCLK=cjo!fr58-t8u6i0vq
Connection: Keep-Alive
Host: www.commission-junction.com

HTTP/1.1 302 Found
Server: Resin/2.1.13
P3P: policyref="http://www.qksrv.net/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Cache-control: no-cache
Pragma: max-age=0
Location: http://www.freshpair.com/
Set-Cookie: QKINFO=fr58-2bcfb-m7rv-NA-120-hb5i1xq-; domain=.commission-junction.com; path=/; expires=Sun, 26-Jul-2009 04:25:19 GMT
Set-Cookie: LCLK=cjo!fr58-hb5i1xq; domain=.commission-junction.com; path=/; expires=Sun, 26-Jul-2009 04:25:19 GMT
Content-Type: text/html
Content-Length: 169
Connection: close
Date: Tue, 27 Jul 2004 04:25:19 GMT

<html>
<head><meta http-equiv="redirect" content="http://www.freshpair.com/"></head>
<body>The URL has moved <a href="http://www.freshpair.com/">here</a></body></html>


Return to top
Resulting qksrv.net and commission-junction.com Cookies
cookies set by 180 popup
S
arxjpg5-509310467-1090902296816-vp
qksrv.net/
1024
125885440
30018985
2891511328
29651857
*
QKINFO
fr58-2bcfb-m7rv-NA-120-hb5i1xq-
qksrv.net/
1024
345885440
30018985
3118071328
29651857
*
LCLK
cjo!fr58-hb5i1xq
qksrv.net/
1024
345885440
30018985
3119321328
29651857
*
lsn_statp
tVEFAQ%3D%3D
linksynergy.com/
1024
2674163072
31119868
828824736
29651359



S
arxjpg5-509310467-1090902296816-vp
commission-junction.com/
1024
295885440
30018985
3061041328
29651857
*
QKINFO
fr58-2bcfb-m7rv-NA-120-hb5i1xq-
commission-junction.com/
1024
355885440
30018985
3124321328
29651857
*
LCLK
cjo!fr58-hb5i1xq
commission-junction.com/
1024
355885440
30018985
3125261328
29651857
*